this post was submitted on 11 Feb 2024
385 points (93.5% liked)

Technology

58303 readers
12 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
385
Microsoft's Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi (www.pcgamer.com)
submitted 9 months ago by [email protected] to c/[email protected]
57 comments fedilink hide all child comments
 

Microsoft's Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi::The point of Microsoft's Bitlocker security feature is to protect personal data stored locally on devices and particularly when those devices are lost or otherwise physically compromised. With Bi

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 9 months ago (1 children)

Isn't the whole point of BitLocker protection from direct access? When a computer is turned off, encryption should keep the data safe. Also when a computer is turned off, basically no remote vector is going to work. AFAIK, when the computer is on, the drive is mounted and BitLocker provides no additional protection over an unencrypted drive.

[–] [email protected] 6 points 9 months ago (1 children)

Yes, you're correct. It's just that if somebody is got full access to your hardware, with no time limits and can just poke around your pcb, BitLocker is the least of your concerns. It should still not be flawed - but at that point, even Samsung's Knox, Qualcomm's memory protection and Apple's Secure Enclave have failed in the past, allowing the tinkerer to extract decryption keys.

It's more realistic to expect BitLocker to protect your external hard drive in case I grab it and run away, rather than expecting your computer to be bullet proof in case I aprehend the entire device.

But again, I do agree, this is a vulnerability and it's an issue, though limited to people using an actual TPM module rather than the built in one in the CPU.

[–] [email protected] 2 points 9 months ago (1 children)

Veracrypt drive encryption does not have the same problem, it would be secure even with physical access

[–] [email protected] 2 points 9 months ago (1 children)

I don't think a Veracrypt setup could use a hardware pairing for the decryption key, and also boot from an encrypted drive, though.

[–] [email protected] 1 points 9 months ago (1 children)

Yeah, it's safe because of no TPM usage. You can boot from an encrypted drive, it'll prompt for the key instead of auto loading from vulnerable hardware

[–] [email protected] 3 points 9 months ago (1 children)

Bitlocker supports the same usecase, but everybody wants that automatic boot feature so...

It also lets you store a secondary key on a server and require the computer to be on trusted networks to be able to retrieve it to boot, but I've never ever heard of anybody using that

[–] [email protected] 2 points 9 months ago (1 children)

Pretty sure it uploads the key to microsoft servers when you do that

[–] [email protected] 2 points 9 months ago

That's the default, but you can block it in the command line configuration tool